hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-862: Add create/destroy and remove plugin_name entry points

Browse Source 
The create and destroy entry points allow authenticators to store data in
the DCB. This data is not shared by other DCBs related to the same
session.

The plugin_name entry point wasn't really useful as the plugins would
still need to send a AuthSwitchRequest packet if they wanted to change the
authentication mechanism.
This commit is contained in:
Markus Makela
2016-10-04 12:06:52 +03:00
parent 829d5a7453
commit dfeb5c46c9
15 changed files with 155 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
server/modules/authenticator/cdc_plain_auth.c
View File

@ -67,12 +67,13 @@ extern char *decryptPassword(char *crypt);
*/
static GWAUTHENTICATOR MyObject =
{
cdc_auth_set_protocol_data, /* Extract data into structure */
cdc_auth_is_client_ssl_capable, /* Check if client supports SSL */
cdc_auth_authenticate, /* Authenticate user credentials */
cdc_auth_free_client_data, /* Free the client data held in DCB */
cdc_replace_users,
NULL
NULL, /* No create entry point */
cdc_auth_set_protocol_data, /* Extract data into structure */
cdc_auth_is_client_ssl_capable, /* Check if client supports SSL */
cdc_auth_authenticate, /* Authenticate user credentials */
cdc_auth_free_client_data, /* Free the client data held in DCB */
NULL, /* No destroy entry point */
cdc_replace_users /* Load CDC users */
};
static int cdc_auth_check(

13
server/modules/authenticator/http_auth.c
View File

@ -59,12 +59,13 @@ static void http_auth_free_client_data(DCB *dcb);
*/
static GWAUTHENTICATOR MyObject =
{
http_auth_set_protocol_data, /* Extract data into structure */
http_auth_is_client_ssl_capable, /* Check if client supports SSL */
http_auth_authenticate, /* Authenticate user credentials */
http_auth_free_client_data, /* Free the client data held in DCB */
users_default_loadusers,
NULL
NULL, /* No create entry point */
http_auth_set_protocol_data, /* Extract data into structure */
http_auth_is_client_ssl_capable, /* Check if client supports SSL */
http_auth_authenticate, /* Authenticate user credentials */
http_auth_free_client_data, /* Free the client data held in DCB */
NULL, /* No destroy entry point */
users_default_loadusers /* Load generic users */
};
typedef struct http_auth

13
server/modules/authenticator/max_admin_auth.c
View File

@ -59,12 +59,13 @@ static void max_admin_auth_free_client_data(DCB *dcb);
*/
static GWAUTHENTICATOR MyObject =
{
max_admin_auth_set_protocol_data, /* Extract data into structure */
max_admin_auth_is_client_ssl_capable, /* Check if client supports SSL */
max_admin_auth_authenticate, /* Authenticate user credentials */
max_admin_auth_free_client_data, /* Free the client data held in DCB */
users_default_loadusers,
NULL
NULL, /* No create entry point */
max_admin_auth_set_protocol_data, /* Extract data into structure */
max_admin_auth_is_client_ssl_capable, /* Check if client supports SSL */
max_admin_auth_authenticate, /* Authenticate user credentials */
max_admin_auth_free_client_data, /* Free the client data held in DCB */
NULL, /* No destroy entry point */
users_default_loadusers /* Load generic users */
};
/**

33
server/modules/authenticator/mysql_auth.c
View File

@ -62,12 +62,13 @@ static int mysql_auth_load_users(SERV_LISTENER *port);
*/
static GWAUTHENTICATOR MyObject =
{
mysql_auth_set_protocol_data, /* Extract data into structure */
mysql_auth_is_client_ssl_capable, /* Check if client supports SSL */
mysql_auth_authenticate, /* Authenticate user credentials */
mysql_auth_free_client_data, /* Free the client data held in DCB */
mysql_auth_load_users, /* Load users from backend databases */
"mysql_native_password"
NULL, /* No create entry point */
mysql_auth_set_protocol_data, /* Extract data into structure */
mysql_auth_is_client_ssl_capable, /* Check if client supports SSL */
mysql_auth_authenticate, /* Authenticate user credentials */
mysql_auth_free_client_data, /* Free the client data held in DCB */
NULL, /* No destroy entry point */
mysql_auth_load_users /* Load users from backend databases */
};
static int combined_auth_check(
@ -243,22 +244,8 @@ mysql_auth_set_protocol_data(DCB *dcb, GWBUF *buf)
protocol = DCB_PROTOCOL(dcb, MySQLProtocol);
CHK_PROTOCOL(protocol);
if (dcb->data == NULL)
{
if (NULL == (client_data = (MYSQL_session *)MXS_CALLOC(1, sizeof(MYSQL_session))))
{
return MXS_AUTH_FAILED;
}
#if defined(SS_DEBUG)
client_data->myses_chk_top = CHK_NUM_MYSQLSES;
client_data->myses_chk_tail = CHK_NUM_MYSQLSES;
#endif
dcb->data = client_data;
}
else
{
client_data = (MYSQL_session *)dcb->data;
}
client_data = (MYSQL_session *)dcb->data;
client_auth_packet_size = gwbuf_length(buf);
@ -311,7 +298,7 @@ mysql_auth_set_client_data(
gwbuf_copy_data(buffer, 0, client_auth_packet_size, client_auth_packet);
/* The numbers are the fixed elements in the client handshake packet */
int auth_packet_base_size = 4 + 4 + 4 + 1 + 23;
int auth_packet_base_size = MYSQL_AUTH_PACKET_BASE_SIZE;
int packet_length_used = 0;
/* Take data from fixed locations first */

43
server/modules/authenticator/mysql_backend_auth.c
View File

@ -50,7 +50,7 @@ typedef struct mysql_backend_auth
* @brief Allocate a new mysql_backend_auth object
* @return Allocated object or NULL if memory allocation failed
*/
mysql_backend_auth_t* mba_alloc()
void* auth_backend_create()
{
mysql_backend_auth_t* mba = MXS_MALLOC(sizeof(*mba));
@ -62,6 +62,18 @@ mysql_backend_auth_t* mba_alloc()
return mba;
}
/**
* @brief Free allocated mysql_backend_auth object
* @param data Allocated mysql_backend_auth object
*/
void auth_backend_destroy(void *data)
{
if (data)
{
MXS_FREE(data);
}
}
/**
* Receive the MySQL authentication packet from backend, packet # is 2
*
@ -95,9 +107,9 @@ auth_backend_extract(DCB *dcb, GWBUF *buf)
{
int rval = MXS_AUTH_FAILED;
if (dcb->backend_data || (dcb->backend_data = mba_alloc()))
if (dcb->authenticator_data)
{
mysql_backend_auth_t *mba = (mysql_backend_auth_t*)dcb->backend_data;
mysql_backend_auth_t *mba = (mysql_backend_auth_t*)dcb->authenticator_data;
switch (mba->state)
{
@ -146,7 +158,7 @@ static int
auth_backend_authenticate(DCB *dcb)
{
int rval = MXS_AUTH_FAILED;
mysql_backend_auth_t *mba = (mysql_backend_auth_t*)dcb->backend_data;
mysql_backend_auth_t *mba = (mysql_backend_auth_t*)dcb->authenticator_data;
if (mba->state == MBA_SEND_RESPONSE)
{
@ -192,16 +204,6 @@ auth_backend_ssl(DCB *dcb)
return dcb->server->server_ssl != NULL;
}
/**
* @brief Dummy function for the free entry point
*/
static void
auth_backend_free(DCB *dcb)
{
MXS_FREE(dcb->backend_data);
dcb->backend_data = NULL;
}
/**
* @brief Dummy function for the loadusers entry point
*/
@ -230,12 +232,13 @@ static char *version_str = "V1.0.0";
*/
static GWAUTHENTICATOR MyObject =
{
auth_backend_extract, /* Extract data into structure */
auth_backend_ssl, /* Check if client supports SSL */
auth_backend_authenticate, /* Authenticate user credentials */
auth_backend_free, /* Free the client data held in DCB */
auth_backend_load_users, /* Load users from backend databases */
DEFAULT_MYSQL_AUTH_PLUGIN
auth_backend_create, /* Create authenticator */
auth_backend_extract, /* Extract data into structure */
auth_backend_ssl, /* Check if client supports SSL */
auth_backend_authenticate, /* Authenticate user credentials */
NULL, /* The shared data is freed by the client DCB */
auth_backend_destroy, /* Destroy authenticator */
NULL /* We don't need to load users */
};
/**

13
server/modules/authenticator/null_auth_allow.c
View File

@ -58,12 +58,13 @@ static void null_auth_free_client_data(DCB *dcb);
*/
static GWAUTHENTICATOR MyObject =
{
null_auth_set_protocol_data, /* Extract data into structure */
null_auth_is_client_ssl_capable, /* Check if client supports SSL */
null_auth_authenticate, /* Authenticate user credentials */
null_auth_free_client_data, /* Free the client data held in DCB */
users_default_loadusers,
NULL
NULL, /* No create entry point */
null_auth_set_protocol_data, /* Extract data into structure */
null_auth_is_client_ssl_capable, /* Check if client supports SSL */
null_auth_authenticate, /* Authenticate user credentials */
null_auth_free_client_data, /* Free the client data held in DCB */
NULL, /* No destroy entry point */
users_default_loadusers /* Load generic users */
};
/**

13
server/modules/authenticator/null_auth_deny.c
View File

@ -58,12 +58,13 @@ static void null_auth_free_client_data(DCB *dcb);
*/
static GWAUTHENTICATOR MyObject =
{
null_auth_set_protocol_data, /* Extract data into structure */
null_auth_is_client_ssl_capable, /* Check if client supports SSL */
null_auth_authenticate, /* Authenticate user credentials */
null_auth_free_client_data, /* Free the client data held in DCB */
users_default_loadusers,
NULL
NULL, /* No create entry point */
null_auth_set_protocol_data, /* Extract data into structure */
null_auth_is_client_ssl_capable, /* Check if client supports SSL */
null_auth_authenticate, /* Authenticate user credentials */
null_auth_free_client_data, /* Free the client data held in DCB */
NULL, /* No destroy entry point */
users_default_loadusers /* Load generic users */
};
/**

5
server/modules/include/mysql_client_server_protocol.h
View File

@ -81,6 +81,9 @@
#define DEFAULT_MYSQL_AUTH_PLUGIN "mysql_native_password"
/** All authentication responses are at least this many bytes long */
#define MYSQL_AUTH_PACKET_BASE_SIZE 36
/** Maximum length of a MySQL packet */
#define MYSQL_PACKET_LENGTH_MAX 0x00ffffff
@ -297,6 +300,8 @@ typedef struct
/* The following can be compared using memcmp to detect a null password */
extern uint8_t null_client_sha1[MYSQL_SCRAMBLE_LEN];
MYSQL_session* mysql_session_alloc();
MySQLProtocol* mysql_protocol_init(DCB* dcb, int fd);
void mysql_protocol_done (DCB* dcb);
const char *gw_mysql_protocol_state2string(int state);

10
server/modules/protocol/MySQLBackend/mysql_backend.c
View File

@ -848,8 +848,12 @@ mxs_auth_state_t gw_send_backend_auth(DCB *dcb)
uint32_t capabilities = create_capabilities(conn, (local_session.db && strlen(local_session.db)), false);
gw_mysql_set_byte4(client_capabilities, capabilities);
const char* auth_plugin_name = dcb->authfunc.plugin_name ?
dcb->authfunc.plugin_name : DEFAULT_MYSQL_AUTH_PLUGIN;
/**
* Use the default authentication plugin name. If the server is using a
* different authentication mechanism, it will send an AuthSwitchRequest
* packet.
*/
const char* auth_plugin_name = DEFAULT_MYSQL_AUTH_PLUGIN;
long bytes = response_length(conn, local_session.user, local_session.client_sha1,
local_session.db, auth_plugin_name);
@ -909,7 +913,7 @@ mxs_auth_state_t gw_send_backend_auth(DCB *dcb)
}
// if the db is not NULL append it
if (local_session.db && strlen(local_session.db))
if (local_session.db[0])
{
memcpy(payload, local_session.db, strlen(local_session.db));
payload += strlen(local_session.db);

29
server/modules/protocol/MySQLClient/mysql_client.c
View File

@ -311,8 +311,12 @@ int MySQLSendHandshake(DCB* dcb)
memcpy(mysql_plugin_data, server_scramble + 8, 12);
const char* plugin_name = dcb->authfunc.plugin_name ?
dcb->authfunc.plugin_name : DEFAULT_MYSQL_AUTH_PLUGIN;
/**
* Use the default authentication plugin name in the initial handshake. If the
* authenticator needs to change the authentication method, it should send
* an AuthSwitchRequest packet to the client.
*/
const char* plugin_name = DEFAULT_MYSQL_AUTH_PLUGIN;
int plugin_name_len = strlen(plugin_name);
mysql_payload_size =
@ -562,6 +566,13 @@ int gw_read_client_event(DCB* dcb)
static int
gw_read_do_authentication(DCB *dcb, GWBUF *read_buffer, int nbytes_read)
{
/** Allocate the shared session structure */
if (dcb->data == NULL && (dcb->data = mysql_session_alloc()) == NULL)
{
dcb_close(dcb);
return 1;
}
/**
* The first step in the authentication process is to extract the
* relevant information from the buffer supplied and place it
@ -590,7 +601,17 @@ gw_read_do_authentication(DCB *dcb, GWBUF *read_buffer, int nbytes_read)
*/
if (MXS_AUTH_SUCCEEDED == auth_val)
{
SESSION *session;
if (dcb->user == NULL)
{
/** User authentication complete, copy the username to the DCB */
MYSQL_session *ses = dcb->data;
if ((dcb->user = MXS_STRDUP(ses->user)) == NULL)
{
dcb_close(dcb);
gwbuf_free(read_buffer);
return 0;
}
}
protocol->protocol_auth_state = MXS_AUTH_STATE_RESPONSE_SENT;
/**
@ -600,7 +621,7 @@ gw_read_do_authentication(DCB *dcb, GWBUF *read_buffer, int nbytes_read)
* is changed so that future data will go through the
* normal data handling function instead of this one.
*/
session = session_alloc(dcb->service, dcb);
SESSION *session = session_alloc(dcb->service, dcb);
if (session != NULL)
{

19
server/modules/protocol/mysql_common.c
View File

@ -56,6 +56,25 @@ uint8_t null_client_sha1[MYSQL_SCRAMBLE_LEN] = "";
static server_command_t* server_command_init(server_command_t* srvcmd, mysql_server_cmd_t cmd);
/**
* @brief Allocate a new MySQL_session
* @return New MySQL_session or NULL if memory allocation failed
*/
MYSQL_session* mysql_session_alloc()
{
MYSQL_session *ses = MXS_CALLOC(1, sizeof(MYSQL_session));
if (ses)
{
#ifdef SS_DEBUG
ses->myses_chk_top = CHK_NUM_MYSQLSES;
ses->myses_chk_tail = CHK_NUM_MYSQLSES;
#endif
}
return ses;
}
/**
* Creates MySQL protocol structure
*